- Home
- MCP servers
- NPM Plus
NPM Plus
- typescript
6
GitHub Stars
typescript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
NPM Plus MCP Server provides AI-powered package management for JavaScript. It lets you search, inspect, install, update, and analyze dependencies with built-in security checks, bundle insights, and AI-assisted workflows across editors and IDEs.
How to use
You interact with the MCP server through your preferred MCP client (hosted or self-hosted). Start by pointing your client at the MCP URL and then issue natural language prompts like “search for React libraries,” “install lodash as a dev dependency,” or “show bundle size impact before adding moment.js.” The tools will guide you to perform package discovery, installation, analysis, and maintenance tasks with automatic retries and helpful error messages.
How to install
Prerequisites: you need Node.js installed on your machine. Optionally, have npm or npx available depending on your chosen setup.
# 1) Hosted (recommended in many cases): simply configure your MCP client to point at the remote MCP URL
# 2) Self-hosted using npx (recommended for local development)
# 3) Self-hosted using node (local dist/index.js)
HTTP MCP configuration (Hosted Service)
{
"mcpServers": {
"npmplus-mcp": {
"transport": "http",
"url": "https://api.npmplus.dev/mcp",
"args": []
}
}
}
Self-hosted with NPX (Remote server control via NPX)
{
"mcp": {
"servers": {
"npmplus-mcp": {
"command": "npx",
"args": ["-y", "npmplus-mcp-server"]
}
}
}
}
Self-hosted with local Node runtime
{
"mcpServers": {
"npmplus-mcp": {
"command": "node",
"args": ["./dist/index.js"],
"cwd": "./",
"disabled": false
}
}
}
Notes on deployment
If you are deploying to production, use the local development flow for testing and then follow your deployment pipeline to run in production. The hosted URL remains the same for clients configured to the remote MCP.
Security and access
MCP servers run with your local permissions. Do not expose the MCP endpoint publicly without appropriate access controls. Review configuration before enabling servers and use trusted sources only.
Troubleshooting
If you encounter issues, try these steps in order: check server status, restart the MCP client, review logs for the [npmplus-mcp] tag, and adjust timeouts if you see slow responses. For specific problems with npm idealTree or vulnerability checks, use the dedicated tool blocks to retry operations or gather diagnostics.
Self-hosting quick-start
To run locally from source, you can build and start the server as follows.
git clone https://github.com/shacharsol/js-package-manager-mcp.git
cd js-package-manager-mcp
npm install
npm run build
npm start
Analytics (optional)
Analytics can be enabled to gain visibility into tool usage and performance in self-hosted deployments. Enable analytics by setting environment variables.
# Enable analytics logging (example)
ENABLE_ANALYTICS=true
ANALYTICS_SALT=your-random-salt
Testing & validation
Run validation commands to ensure health and features work as expected. Use the available test targets to perform deployment checks, unit tests, and development mode runs.
Version and updates
To update a self-hosted server, install the latest package and restart the service. If you are using a hosted MCP URL, updates are managed by the hosting provider.
Available tools
search_packages
Search npm registry with intelligent scoring to find packages by functionality and metadata.
package_info
Retrieve comprehensive metadata for a package, including keywords and maintainers.
check_bundle_size
Analyze the bundle size impact before installation to help optimize dependencies.
download_stats
View download statistics and trends for packages.
check_license
Inspect package licenses to support compliance.
dependency_tree
Visualize dependency relationships and detect circular dependencies.
list_licenses
List all licenses used in the project for compliance review.
audit_dependencies
Security vulnerability scanning across dependencies.
analyze_dependencies
Detect circular dependencies and orphaned packages in the graph.
check_outdated
Identify outdated packages and suggested updates.
clean_cache
Clear the package manager cache to recover from transient errors.
check_vulnerability
Check specific package vulnerabilities with targeted queries.
install_packages
Install packages with intelligent retry logic and support for dev/global scopes.
update_packages
Update packages to their latest compatible versions.
remove_packages
Remove packages cleanly from the project.
debug_version
Query server version and status for troubleshooting.